Lucene search

GoogleCVE-2023-32731

HistoryJun 09, 2023 - 11:15 a.m.

CVE-2023-32731

2023-06-0911:15:09

CWE-440

Google

web.nvd.nist.gov

2617

cve-2023-32731

grpc

http2

header size exceeded error

hpack

information leak

privilege escalation

data exfiltration

nvd

security update

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

Affected configurations

Nvd

Vulners

Vulnrichment

Node

grpcgrpcRange1.53.0–1.55.0

VendorProductVersionCPE
grpcgrpc*cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grpc	grpc	*	cpe:2.3:a:grpc:grpc::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "gRPC",
    "repo": "https://github.com/grpc",
    "vendor": "Google",
    "versions": [
      {
        "lessThanOrEqual": "1.54",
        "status": "affected",
        "version": "1.53",
        "versionType": "custom"
      }
    ]
  }
]